[VoT] How to express duplicate checks with VoT?

Rolf Brugger <rolf.brugger@switch.ch> Thu, 10 March 2016 16:51 UTC

Return-Path: <rolf.brugger@switch.ch>
X-Original-To: vot@ietfa.amsl.com
Delivered-To: vot@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0E8C12D716 for <vot@ietfa.amsl.com>; Thu, 10 Mar 2016 08:51:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.867
X-Spam-Level:
X-Spam-Status: No, score=-1.867 tagged_above=-999 required=5 tests=[BAYES_50=0.8, FILL_THIS_FORM=0.001, FILL_THIS_FORM_FRAUD_PHISH=0.334, FILL_THIS_FORM_LONG=2, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HqlENyoDD-BF for <vot@ietfa.amsl.com>; Thu, 10 Mar 2016 08:51:09 -0800 (PST)
Received: from iberico.switch.ch (iberico.switch.ch [IPv6:2001:620:0:1002::27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5088512D715 for <vot@ietf.org>; Thu, 10 Mar 2016 08:51:08 -0800 (PST)
Received: from surlej.switch.ch (surlej.switch.ch [IPv6:2001:620:0:1001::69]) by iberico.switch.ch (8.14.4/8.14.4/Debian-4) with ESMTP id u2AGp5ie002929 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for <vot@ietf.org>; Thu, 10 Mar 2016 17:51:06 +0100
Received: from macrb.switch.ch ([2001:620:0:44:426c:8fff:fe37:cd48]) by surlej.switch.ch with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.72) (envelope-from <rolf.brugger@switch.ch>) id 1ae3nl-0005yQ-7B for vot@ietf.org; Thu, 10 Mar 2016 17:51:05 +0100
To: vot@ietf.org
From: Rolf Brugger <rolf.brugger@switch.ch>
Message-ID: <56E1A5F8.3090201@switch.ch>
Date: Thu, 10 Mar 2016 17:51:04 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-CanIt-Geo: ip=2001:620:0:1001::69; country=CH; region=Zurich; city=Zurich; latitude=47.3720; longitude=8.5413; http://maps.google.com/maps?q=47.3720,8.5413&z=6
X-CanItPRO-Stream: switch-ch:outbound (inherits from switch-ch:default, base:default)
X-Canit-Stats-ID: Bayes signature not available
X-Scanned-By: CanIt (www . roaringpenguin . com)
Archived-At: <http://mailarchive.ietf.org/arch/msg/vot/VPcjevN07CQz_ngV-pRq-ATej_w>
Subject: [VoT] How to express duplicate checks with VoT?
X-BeenThere: vot@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Vectors of Trust discussion list <vot.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/vot>, <mailto:vot-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/vot/>
List-Post: <mailto:vot@ietf.org>
List-Help: <mailto:vot-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/vot>, <mailto:vot-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Mar 2016 17:00:53 -0000

Hi all,

I'm new to this list and I hope my question is not totally irrelevant here.

We have plenty of use cases where RPs need to have confidence, that a 
person does not have multiple identities in one IdP. I don't see how 
this aspect of identity quality can be expressed, and I believe it is 
pretty orthogonal to the P, C, M and A dimensions that are currently 
specified in the VoT draft.

We could imagine multiple ways to gradually prove that an identity has 
been checked against duplicates. The most straightforward approach would 
be to make sure that unique personal attributes are used only once 
within one IdP or an IdP federation, like
- email address(es)
- mobile phone number
- home postal address
- social security number
- ID / passport number
- the combination of name and birth date
- etc.

Would it make sense to express this in VoT?

best regards

Rolf


-- 
SWITCH
--------------------------
Rolf Brugger, project Swiss edu-ID
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 15, direct +41 44 268 15 89
rolf.brugger@switch.ch, http://www.switch.ch